In-band identity verification and man-in-the-middle defense
First Claim
Patent Images
1. A method, comprising:
- receiving, at a local device, a verification request from a remote user in conjunction with a contact made by the remote user with a local user, wherein the verification request includes a request for a representation of a cryptographic hash value of a cryptographic key of the local user;
in response to a confirmation received from the local user of the local device, initiating a verification process, wherein the verification process includes capturing audiovisual content by the local device and the audiovisual content includes the representation of the cryptographic hash value; and
transmitting a result of the verification process to the remote user.
4 Assignments
0 Petitions
Accused Products
Abstract
A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.
21 Citations
18 Claims
-
1. A method, comprising:
-
receiving, at a local device, a verification request from a remote user in conjunction with a contact made by the remote user with a local user, wherein the verification request includes a request for a representation of a cryptographic hash value of a cryptographic key of the local user; in response to a confirmation received from the local user of the local device, initiating a verification process, wherein the verification process includes capturing audiovisual content by the local device and the audiovisual content includes the representation of the cryptographic hash value; and transmitting a result of the verification process to the remote user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method, comprising:
-
receiving at a local device, in conjunction with a contact made by a remote user with a local user, content purporting to establish an identity of the remote user at a remove device, wherein the content includes an audiovisual component that includes a representation of a cryptographic hash value of a cryptographic key of the remote user; displaying, to the local user, the received content; and recording an authentication verdict provided by the local user in conjunction with reviewing the received response, wherein an indication of the verdict is provided to the remote user in a messaging interface. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium comprising instructions that when, executed by at least one hardware processor, perform the steps of, comprising:
-
receiving, at a local device, a verification request from a remote user in conjunction with a contact made by the remote user with a local user, wherein the verification request includes a request for a representation of a cryptographic hash value of a cryptographic key of the local user; in response to a confirmation received from the local user of the local device, initiating a verification process, wherein the verification process includes capturing audiovisual content by the local device and the audiovisual content includes the representation of the cryptographic hash value; and transmitting a result of the verification process to the remote user.
-
-
18. A non-transitory computer-readable medium comprising instructions that when, executed by at least one hardware processor, perform the steps of, comprising:
-
receiving at a local device, in conjunction with a contact made by a remote user with a local user, content purporting to establish an identity of the remote user at a remove device, wherein the content includes an audiovisual component that includes a representation of a cryptographic hash value of a cryptographic key of the remote user; displaying, to the local user, the received content; and recording an authentication verdict provided by the local user in conjunction with reviewing the received response, wherein an indication of the verdict is provided to the remote user in a messaging interface.
-
Specification